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Sirs, 

While doing an audit of this file we noticed that our Appeal Brief filed 6/1 8/2004 does not show up on 
PAIR. A phone call to the Patent Office revealed that our check has been cashed, but the 
documentation has not been entered. 

We are hereby re-submitting a copy of the documentation with a copy of the return receipt postcard 
that shows receipt by your office on 6/21/2004. 

Because of its size, we are not submitting the Appeal Brief in triplicate. However, should that be 
required please let us know and we will be happy to provide it 

In the event you have any questions or require further information please do not hesitate to contact me 
at (408)971-2573. 
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Practitioner's Docket No. NAI1P263/99.0 10.01 PATENT 

IN THE UNITED STAT 
In re application of: Glen Sonnenberg 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE jRECEHVED 

CENTRAL FMOEMFiB 

FEB 0 1 2005 



Application No.: 09/471,630 Group No.: 2131 

Filed- 12/24/1999 Examiner: Jackson, Jenise 

For. SYSTEM AND METHOD FOR SELECTIVE COMMUNICATION SCANNING AT A 
FIREWALL AND A NETWORK NODE 



Mail Stop Appeal Briefs - Patents 
Commissioner for Patents 
P.O. Box 1450 

Alexandria, VA 22313-1450 

TRANSMITTAL OF APPEAL BRIEF 
(PATENT APPLICATION-37 CJ.R. § 1-192) 

1. Transmitted herewith, in triplicate, is the APPEAL BRIEF in this application, with respect to the 
Notice of Appeal filed on May 27, 2004. 



2. STATUS OF APPLICANT 

This application is on behalf of other than a small entity. 



CERTIFICATION UNDER 37 C.F.R. §§ 1.8(a) and 1.10* 

(When using Express Mail, the Express Mail label number is mandatory; 
Express Mail certification is optional) 

I hereby certify thai, on the date shown below, this correspondence is being: 

s~ MAILING 

"deposited with the United States Postal Service in an envelope addressed to the Commissioner for Patents, P.O. Box 1450, Alexandria, VA 
22313-1450. 

/ 37 C.F.R§ 1.8(a) 37 C.F.R- § 1.10* 

_ with sufficient postage as first class mail. _ as "Express Mail Post Office lo Addressee* 1 

Mailing Label No. (mandatory) 



TRANSMISSION 

facsimile transmitted to the Patent and Trademark Office, (703) - 



Signature 

Date: Erica L. Farlow 



(type or print name of person certifying) 



* Only the date of filing ( ' 1*6) wilt be the date used in a patent term adjustment calculation, although the dare on any certificate of mailing or 
transmission under ' L8 continues to be taken into account in determining timeliness. See 1 1.703(f). Consider "Express Mail Post Office to 
Addressee "{* /JO) or facsimile transmission ( 1 J. 6(d)) for the reply to be accorded the earliest possible filing date for patent term adjustment 
calculations. 
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3. FEE FOR FILING APPEAL BRIEF 

Pursuant to 37 C.F.R. § 1.17(c), the fee for filing the Appeal Brief is: 
other than a small entity $330.00 

Appeal Brief fee due $330.00 

4. EXTENSION OF TERM 

The proceedings herein are for a patent application and the provisions of 37 C.F.R. § 1.136 apply. 

Applicant believes that no extension of term is required. However, this conditional petition is 
being made to provide for the possibility that applicant has inadvertently overlooked the need for a 
petition and fee for extension of time. 

5. TOTAL FEE DUE 
The total fee due is: 

Appeal brief fee $330.00 
Extension fee (if any) $0.00 

TOTAL FEE DUE $330.00 

6. FEE PAYMENT 

Attached is a check in the amount of $330.00. 
A duplicate of this transmittal is attached. 

7. FEE DEFICIENCY 

If any additional extension and/or fee is required, and if any addifroml fee for claims is required, 
charge Deposit Account No. 50-1351 (Order No. NAI1P263). / / 



Reg. No.: 41,429 

Tel. No.: 408-971-2573 

Customer No.: 28875 




Signature 

Kevin J 
Silicon Val 
P.O. Box 
San Jose, 
USA 
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Practitioner's Docket No. NAJ1P263/99.010.01 PATENT 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 
In re application of: Glen Sonnenberg 

Application No.: 09/471,630 Group No.: 2131 

Filed: 12/24/1999 Examiner: Jackson, Jenise 

For: SYSTEM AND METHOD FOR SELECTIVE COMMUNICATION SCANNING AT A 
FIREWALL AND A NETWORK NODE 

Mail Stop Appeal Briefs — Patents 
Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

TRANSMITTAL OF APPEAL BRIEF 
(PATENT APPLICATTON-37 C.F.R. § 1.192) 

1. Transmitted herewith, in triplicate, is the APPEAL BRIEF in this application, with respect to the 
Notice of Appeal filed on May 27, 2004. 

2. STATUS OF APPLICANT 

This application is on behalf of other than a small entity. - , ■ . 



CERTIFICATION UNDER 37 C.F.R. §§ 1.8(a) and 1.10* 

(When using Express Mail, the Express Mail label number is mandatory; 
Express Mail certification is optional.) 

1 hereby certify that, on ihe date shown below, this correspondence is being: 

f~ MAILING 

— deposited with the United States Postal Service in an envelope addressed to the Commissioner for Patents, P.O. Box 1450, Alexandria, VA 
22313-1450. 

/ 37 CF.R.§ 1.8(a) 37 CF.R. § MO* 

_ with sufficient postage as first class mail. _as "Express Mail Post Office to Addressee* 

Mailing Label No. (mandatory) 



TRANSMISSION 

— a - ^ A 

Cfr-O 



facsimile transmitted to the Patent and Trademark Office, (703) - Si A S 



Signature 

Date: VJJ I I ° / ^ / Erica L. Farlow 



(type or print name of person certifying) 



* Only the date of filing (* 1.6) wilt be the date used in a patent term adjustment calculation, although the date on any certificate of mailing or 
transmission under » J. 8 continues to be taken into account in determining timeliness. See ' /.703(f). Consider "Express Mail Post Office to 
Addressee "(' /JO) or facsimile transmission ( ' /.6(d)) for the reply to be accorded the earliest possible filing date for patent term adjustment 
calculations. 
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3. FEE FOR FILING APPEAL BRIEF 

Pursuant to 37 C.F.R. § 1.17(c), the fee for filing the Appeal Brief is: 
other than a small entity $330.00 

Appeal Brief fee due $330.00 

4. EXTENSION OF TERM 

The proceedings herein are for a patent application and the provisions of 37 C.F.R. § 1.136 apply. 

Applicant believes that no extension of term is required. However, this conditional petition is 
being made to provide for the possibility that applicant has inadvertently overlooked the need for a 
petition and fee for extension of time. 

5. TOTAL FEE DUE 
The total fee due is: 

Appeal brief fee $330.00 

Extension fee (if any) $0.00 



( J J 

TOTAL FEE DUE $330.00 

FEE PAYMENT 

Attached is a check in the amount of $330.00. 
A duplicate of this transmittal is attached. 
FEE DEFICIENCY 

If any additional extension and/or fee is required, and if any add^xrfal fee for claims is required, 
charge Deposit Account No. 50-135 1 (Order No. NAI1P263). 



Reg. No.: 41,429 

Tel. No.: 408-971-2573 

Customer No.: 28875 



Signature 

Kevin J 
Silicon Val 
P.O. Box 
San Jose, 
USA 
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PATENT 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In re application of: 

Sonnenberg et al. 
Application No. 09/471,630 
Filed: 12/24/99 

For: SYSTEM AND METHOD FOR 

SELECTIVE COMMUNICATION 
SCANNING AT A FIREWALL AND A 
NETWORK NODE 



Group Art Unit: 2131 
Examiner: Jackson, Jenise E. 
Date: June 18, 2004 



&ECEIVEE) 

CENTRAL FAX eEMTga 

FEB 0 1 2005 



Commissioner for Patents 
Alexandria, VA 22313-1450 

ATTENTION: Board of Patent Appeals and Interferences 

APPELLANT'S BRIEF (37 C.RR. § 1.192) 

This brief is in furtherance of the Notice of Appeal, filed in this case on May 27, 2004. 

The fees required under § LI 7, and any required petition for extension of time for filing this 
brief and fees therefor, are dealt with in the accompanying TRANSMITTAL OF APPEAL 
BRIEF. 

This brief is transmitted in triplicate. (37 C.F.R. § 1.192(a)) 

This brief contains these items under the following headings, and in the order set forth below (37 
C.F.R. § 1.192(c)): 

I REAL PARTY IN INTEREST 

II RELATED APPEALS AND INTERFERENCES 
ID STATUS OF CLAIMS 

IV STATUS OF AMENDMENTS 

V SUMMARY OF INVENTION 
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VI ISSUES 

Vn GROUPING OF CLAIMS 
VIII ARGUMENTS 

APPENDIX OF CLAIMS INVOLVED IN THE APPEAL 

The final page of this brief bears the practitioner's signature. 

I REAL PARTY IN INTEREST (37 C.F.R. § 1.192(c)(1)) 

The real party in interest in this appeal is Networks Associates Technology, hie. 

n RELATED APPEALS AND INTERFERENCES (37 C.F.R. § 1.192(c)(2)) 

With respect to other appeals or interferences that will directly affect, or be directly affected by, 
or have a bearing on the Board's decision in the pending appeal, there are no other such appeals 
or interferences. 

Ill STATUS OF CLAIMS (37 C.F.R. § 1.192(cX3)) 

A- TOTAL NUMBER OF CLAIMS IN APPLICATION 

Claims in the application are: 1-22. 

B. STATUS OF ALL THE CLAIMS IN APPLICATION 

1 . Claims withdrawn from consideration but not canceled: None 

2. Claims pending: 1-22 

3. Claims allowed: None 

4. Claims rejected: 1-22 

C. CLAIMS ON APPEAL 

Appellant's Brief-page 2 of 22 
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The claims on appeal are: 1-22 

IV STATUS OF AMENDMENTS (37 C.F.R. § 1.192(c)(4)) 

As to the status of any amendment filed subsequent to final rejection, there are no such 
amendments after final. 

V SUMMARY OF INVENTION (37 C.F.R. § 1.192(c)(5)) 

In one embodiment, a system and methods are provided for scanning a communication that is 
received at a firewall on behalf of a destination node on one or the other of the firewall and the 
destination node. See Figure IB. In particular, a set of rules, criteria or parameters may be 
established to determine when a communication is to be scanned for target content (e.g., 
computer viruses, programming objects, content of a particular type) on a destination node 
instead of the firewall. Note operation 516 of Figure 5 and the accompanying description. 
Overall performance of the firewall may thus be enhanced by off-loading some of its 
communication scanning responsibilities to a trusted host or node that is connected to the 
firewall. 

VI ISSUES (37 C.F.R. § 1.192(c)(6)) 

Issue # 1 : The Examiner has rejected Claims 1-22 under 35 U.S.C. §1 02(e) as allegedly being 
anticipated by Segal (6,345,299). 

VII GROUPING OF CLAIMS (37 C.F.R. § 1.192(c)(7)) 

The claims of the following groups do not stand or fall together. Following is the grouping of 
claims. In the following section, appellant explains why the claims of each group are believed to 
be separately patentable. 



Appellant's Brief-page 3 of 22 
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Issue # 1 : Grouping of Claims 

Group #1: Claims 1-2, 9, 10-11, and 13-21 

Group #2: Claim 3 

Group #3: Claims 4 and 5 

Group #4: Claim 6 

Group #5: Claim 7 

Group #7: Claim S 

Group #8: Claim 12 

Group #9: Claim 22 

VIII ARGUMENTS (37 C.RR § 1.192(c)(8)) 

Issue #1: 

The Examiner has rejected Claims 1-22 under 35 U.S.C. § 102(e) as allegedly being anticipated 
by Segal; (6,345,299). 

Group #1: Claims 1 9 9, 10-11, and 13-21 

With respect to Group #1 , Appellant respectfully disagrees with such rejection, since the 
Examiner's sole reference fails to meet each of appellant's independent claim limitations. 

The Examiner continues to rely on the following excerpt from Segal to make a prior art showing 
of appellant's claimed "maintaining a set of criteria for determining when one of said 
communications may be scanned at a computer node connected to the firewall instead of at the 
firewall" (see Claims 1 and 17), "a set of criteria to be applied to said communication to 
determine if said communication is to be scanned for target content at the firewall or at the 
destination node" (see Claim 18), and "a set of rules configured to determine whether said 
communication is to be scanned for said target content on said firewall or on the first node" (see 
Claim 19). 



Appellant's Brief— page 4 of 22 
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"In accordance with the invention, the network 40 the units 43, 45, 46, 
47, 49, and SO each comprise a shared list setting forth a plurality of 
listed nodes and a set of access privileges for each listed node. 
Access privileges are the types of transmissions that a given node 
listed in the shared list is permitted to make. For example, consider 
the case where node Bl is a computer or LAN at an accounting firm. The 
firm may want to restrict the nodes from which it receives or transmits 
E-mail or certain types of transmissions (i.e. File Transfer Protocol 
(FTP) . In this case, the firm wishes to receive e-mail only form its 
clients Zl, Y2 , and X4 . Node Bl would instruct node 45 to provide that 
the shared list residing at security node 45 would intercept all e-mail 
and only allow e-mail form nodes Zl, Y2 and X4 but in this distributed 
system, it is also possible for security node 4 9 to only allow e-mail 
from Y2, node 50 prohibits e-mail form 22 and so forth. Thus, with the 
cooperation of other nodes, it is virtually impossible to overwhelm 
node 45 with unpermitted transmissions. The shared list may provide 
with respect to any listed node that it can only transmit to certain 
other listed nodes and, with respect to those nodes it can transmit to, 
restrictions applicable to such transmissions." (col. 2, line 60 - col. 
3, line 15) 



Specifically, with respect to appellant's claimed "maintaining a set of criteria for determining 
when one of said communications may be scanned at a computer node connected to the firewall 
instead of at the firewall " (emphasis added), the Examiner points out the foregoing discussion of 
the exemplary use of the shared list in Segal, and then concludes "Segal discloses that the node 
and the firewall communicate to determine wMgK transmissions are to be transmitted.*' : 



Even if the Examiner's conclusion summary accurately describes what Segal discloses, it still 
fails to meet all of appellant's claim limitations. In the Examiner's cited example above, the 
node Bl is not capable of any scanning, thus there is clearly no disclosure, teaching or even 
suggestion of any sort of determining when one of said communications may be scanned at a 
computer node connected to the firewall instead of at the firewall . Only appellant teaches and 
claims such specific interplay between a computer node and a firewall, whereby scanning occurs 
on one or the other based on a set of criteria. 



The Examiner continues by stating that Segal inherently discloses a virus scanner, in view of the 
excerpt from Segal below: 



"The situation can be improved upon by providing a set of firewall -type 
commands that include lists of which nodes, sources, networks are 
allowed to use certain destinations. These commands can be utilized by 
filtering devices and/or security devices such as firewalls, ingress 

Appellant's Brief-page S of 22 
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nodes, switches, which would be informed which destination nodes, 
addresses, ports, are permitted to which source nodes or networks. 
These filtering devices and/or security devices may be separate stand- 
alone components or their capability may be integrated into other, 
possibly already existing, devices." (col. 3, lines 35-45) 



Further, the Examiner concludes that "Segal discloses a firewall that filters and scans data/' 
First, appellant notes that there is no mention of "scanning" in Segal. Moreover, even if there 
were some sort of scanning inherently disclosed in Segal, it would still fail to meet appellant's 
claimed " virus scanner" feature. 



Appellant asserts that the disclosure of a firewall does not necessarily meet the limitation of a 
'Virus scanner," neither explicitly nor implicitly. See, for example, an illustrative definition of a 
firewall, indicating the broadest plain and ordinary meaning thereof. 



"firewall 



A system designed to prevent linauthorized access to or from a private 
network. Firewalls can be implemented in both hardware and software, or 
a combination of both. Firewalls are frequently iised to prevent 
unauthorized Internet users, from accessing private networks connected 
to the Internet, especially intranets. All messages entering or leaving 
the intranet pass through the firewall, which examines each message and 
blocks those that do not meet the specified security criteria. 

There are several types of firewall techniques : 



Packet filter: Looks at each packet entering or leaving the network and 
accepts or rejects it based on user-defined rules. Packet filtering is 
fairly effective and transparent to users, but it is difficult to 
configure. In addition, it is susceptible to IP spoofing. 

Application gateway: Applies security mechanisms to specific 
applications, such as FTP and Telnet servers. This is very effective, 
but can impose a performance degradation. 

Circuit-level gateway: Applies security mechanisms when a TCP or UDP 
connection is established. Once the connection has been made, packets 
can flow between the hosts without further checking. 

Proxy server: Intercepts all messages entering and leaving the network. 
The proxy server effectively hides the true network addresses. 

In practice, many firewalls use two or more of these techniques in 
concert . 



A firewall is considered a first line of defense in protecting private 
information. For greater security, data can be encrypted, " 



Appellant's Brief-page 6 of 22 
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httpt //www. webopedia.com/TERM/f /firewall .html 

There is simply no mention of any sort of virus scanning in such definition. Appellant further 
brings the Examiner's attention to what is well known in the computer industry, namely virus 
scanner and firewall products/features are separate entities which, may be used in combination, 
but are nevertheless functionally different. Again, the Segal reference fails to meet appellant's 
claims. 

A claim is anticipated only if each and every element as set forth in the claim is found, either 
expressly or inherently described in a single prior art reference. Verdegaal Bros. v. Union Oil 
Co. Of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). Moreover, the 
identical invention must be shown in as complete detail as contained in the claim. Richardson v. 
Suzuki Motor Co. 868 F.2d 1226, 1236, 9USPQ2d 1913, 1920 (Fed. Cir. 1989). The elements 
must be arranged as required by the claim. 

This criterion has simply not been met by the Segal reference, in view of the arguments set forth 
hereinabove. . , . : , . . 

Group #2: Claim 3 

With respect to Group #2, the Examiner relies on the following excerpt from Segal to make a 
prior art showing of appellant's claimed "marking said second communication before said 
forwarding to said second computer node." 

"The firm may want to restrict the nodes from which it receives or 
transmits E-mail or certain types of transmissions (i.e. Pile Transfer 
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